Andy Walker schreef op 15/04/14 01:19:
That's pretty close to our method as well. We've been using haproxy for just over a year, and started with 1.5 because of the built-in SSL capabilities... specifically, version 1.5-dev17. We actually did a fairly minimal amount of testing, and just started by moving a low amount of production traffic over to it. Since then, we've slowly ramped up to our current 120-140 million hits per day.About the same here. SSL termination and ACL's were the reason to go to 1.5 in production. First in the testing environment, then after a month or so without issues to acceptance, then after a month to production. We do this with every release, however, only if it has been out for at least a month (As in, see 1.5-dev20).We've done 2 upgrades -- 1.5-dev19 and 1.5-dev22. In both instances, we just did a bit of testing in a dev environment, and then upgraded the passive nodes in our active/passive haproxy pairs, let them chug along for a couple of days days, and then upgraded the others. We haven't had any issues with any regressions, and there haven't been any real backwards compatibility issues. The only time we needed to change our configs during an upgrade was with the latest health code check changes, but everything worked out just fine!In short, we've been much more happy with haproxy -- both during upgrades and as a whole -- than we have with all of the closed-source enterprisey software we run.Thanks, Willy!! -- Andy Walker System Administrator FBS - creators of flexmls 3415 39th St S Fargo, ND 58104 701-235-7300On Mon, Apr 14, 2014 at 5:27 PM, Ramin K <[email protected] <mailto:[email protected]>> wrote:On 4/14/2014 2:27 PM, Jonathan Matthews wrote: Hi all - I've been running 1.4 for a number of years, but am pondering moving some as-yet-unreleased apps to 1.5, for SSL and ACL-ish reasons. I'd like to ask how you, 1.5 sysadmins and devs, track the development version, and how you decide which version to run in production. Do you just run 1.5-dev${LATEST}? The latest snapshot? Do you follow the list here and cherry-pick important bug fixes? I don't feel I have a firm understanding of the status of the different, co-existing codebases that one could call "1.5" at any given time. And nor do I have the C-skills and time to review every commit. What do /you/ do, fellow sysadmins? How do you run, upgrade and maintain confidence in your chosen version of 1.5 in production? All opinions and information welcome! Jonathan Our method was to pick an actual release (-dev19), put it on stage, and after a week move it to prod. Update as new releases come out, but wait a day or two for any major bug (dev20 was a short lived release) to shake out before it goes on stage. We've been running 1.5-devxx in prod for over six months. Our system is relatively small trafficwise and ssl termination was the only driver of the move to 1.5. However we are looking at making use of the new health check code. ymmv. Ramin
We have not had many issues yet, as in, only on our side were the applications did not follow protocols correctly and haproxy did.
For the rest, it is an improvement over our F5. Configuration can be done with Puppet way more easily, the code is out there and it feels more stable.
smime.p7s
Description: S/MIME-cryptografische ondertekening
